Details of VAR-202111-0697

ID

VAR-202111-0697

CVE

CVE-2021-41379

TITLE

plural Microsoft Windows Elevated authority vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2021-004138

DESCRIPTION

Windows Installer Elevation of Privilege Vulnerability. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the Windows Installer service. By creating a junction, an attacker can abuse the service to delete a file or directory. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Microsoft Windows Installer是美国微软（Microsoft）公司的Windows 操作系统的一个组件。为安装和卸载软件提供了标准基础. Microsoft Windows Installer存在权限许可和访问控制问题漏洞。以下产品和版本受到影响：Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows 10 Version 1909 for 32-bit Systems,Windows 11 for x64-based Systems,Windows 11 for ARM64-based Systems,Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows 7 for 32-bit Systems Service Pack 1,Windows 7 for x64-based Systems Service Pack 1,Windows 8.1 for 32-bit systems,Windows 8.1 for x64-based systems,Windows RT 8.1,Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation),Windows 10 Version 1909 for x64-based Systems,Windows 10 Version 1909 for ARM64-based Systems,Windows 10 Version 21H1 for x64-based Systems,Windows 10 Version 21H1 for ARM64-based Systems,Windows 10 Version 21H1 for 32-bit Systems,Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 2004 for 32-bit Systems,Windows 10 Version 2004 for ARM64-based Systems,Windows 10 Version 2004 for x64-based Systems,Windows Server, version 2004 (Server Core installation),Windows 10 Version 20H2 for x64-based Systems,Windows 10 Version 20H2 for 32-bit Systems,Windows 10 Version 20H2 for ARM64-based Systems,Windows Server, version 20H2 (Server Core Installation)

Trust: 2.88

sources: NVD: CVE-2021-41379 // JVNDB: JVNDB-2021-004138 // ZDI: ZDI-21-1308 // CNNVD: CNNVD-202111-802 // VULMON: CVE-2021-41379

AFFECTED PRODUCTS

vendor:	microsoft	model:	windows 7	scope:	eq	version:	-	Trust: 1.0
vendor:	microsoft	model:	windows 8.1	scope:	eq	version:	-	Trust: 1.0
vendor:	microsoft	model:	windows rt 8.1	scope:	eq	version:	-	Trust: 1.0
vendor:	microsoft	model:	windows server 2019	scope:	lt	version:	10.0.17763.2300	Trust: 1.0
vendor:	microsoft	model:	windows server 2008	scope:	eq	version:	r2	Trust: 1.0
vendor:	microsoft	model:	windows server 2022	scope:	lt	version:	10.0.20348.350	Trust: 1.0
vendor:	microsoft	model:	windows server 2004	scope:	lt	version:	10.0.19041.1348	Trust: 1.0
vendor:	microsoft	model:	windows 10 1909	scope:	lt	version:	10.0.18363.1916	Trust: 1.0
vendor:	microsoft	model:	windows 11 21h2	scope:	lt	version:	10.0.22000.318	Trust: 1.0
vendor:	microsoft	model:	windows server 2012	scope:	eq	version:	r2	Trust: 1.0
vendor:	microsoft	model:	windows server 20h2	scope:	lt	version:	10.0.19042.1348	Trust: 1.0
vendor:	microsoft	model:	windows 10 21h1	scope:	lt	version:	10.0.19043.1348	Trust: 1.0
vendor:	microsoft	model:	windows server 2008	scope:	eq	version:	-	Trust: 1.0
vendor:	microsoft	model:	windows 10 2004	scope:	lt	version:	10.0.19041.1348	Trust: 1.0
vendor:	microsoft	model:	windows 10 20h2	scope:	lt	version:	10.0.19042.1348	Trust: 1.0
vendor:	microsoft	model:	windows server 2016	scope:	lt	version:	10.0.14393.4770	Trust: 1.0
vendor:	microsoft	model:	windows 10 1507	scope:	lt	version:	10.0.10240.19119	Trust: 1.0
vendor:	microsoft	model:	windows server 2012	scope:	eq	version:	-	Trust: 1.0
vendor:	microsoft	model:	windows 10 1809	scope:	lt	version:	10.0.17763.2300	Trust: 1.0
vendor:	microsoft	model:	windows 10 1607	scope:	lt	version:	10.0.14393.4770	Trust: 1.0
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2016 (server core installation)	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2012 (server core installation)	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2008 for 32-bit systems sp2	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2008 for x64-based systems sp2	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows 7	scope:	-	version:	-	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server 2012	scope:	-	version:	-	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2008 for x64-based systems sp2 (server core installation)	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server 2016	scope:	-	version:	-	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server 2008	scope:	-	version:	-	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server 2022	scope:	eq	version:	-	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	20h2 (server core installation)	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2012	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2008 for 32-bit systems sp2 (server core installation)	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2019	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2022 (server core installation)	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2008 r2 for x64-based systems sp1	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2004 (server core installation)	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2012 r2 (server core installation)	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows 8.1	scope:	-	version:	-	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows 11	scope:	-	version:	-	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2016	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2012 r2	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server 2022	scope:	eq	version:	(server core installation)	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2022	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2008 r2 for x64-based systems sp1 (server core installation)	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows rt 8.1	scope:	-	version:	-	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server 2019	scope:	-	version:	-	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows 10	scope:	-	version:	-	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2019 (server core installation)	Trust: 0.8
vendor:	microsoft	model:	windows	scope:	-	version:	-	Trust: 0.7

sources: ZDI: ZDI-21-1308 // JVNDB: JVNDB-2021-004138 // NVD: CVE-2021-41379

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2021-41379
value:	HIGH
Trust: 1.8
secure@microsoft.com:	CVE-2021-41379
value:	MEDIUM
Trust: 1.0
ZDI:	CVE-2021-41379
value:	HIGH
Trust: 0.7
CNNVD:	CNNVD-202111-802
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-41379
value:	MEDIUM
Trust: 0.1

NVD:
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
NVD:	CVE-2021-41379
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.9

NVD:
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
secure@microsoft.com:
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-41379
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2021-41379
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-21-1308 // VULMON: CVE-2021-41379 // JVNDB: JVNDB-2021-004138 // CNNVD: CNNVD-202111-802 // NVD: CVE-2021-41379 // NVD: CVE-2021-41379

PROBLEMTYPE DATA

problemtype:	CWE-59	Trust: 1.0
problemtype:	Improper authority management (CWE-269) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-004138 // NVD: CVE-2021-41379

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202111-802

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-202111-802

CONFIGURATIONS

sources: NVD: CVE-2021-41379

PATCH

title:	Windows Installer Elevation of Privilege Vulnerability Security Update Guide	url:	https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-41379	Trust: 0.8
title:	Microsoft has issued an update to correct this vulnerability.	url:	https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-41379	Trust: 0.7
title:	Microsoft Windows Installer Fixes for permissions and access control issues vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=169663	Trust: 0.6
title:	InstallerFileTakeOver	url:	https://github.com/alexandrvivanov/installerfiletakeover	Trust: 0.1
title:	InstallerFileTakeOver	url:	https://github.com/noname1007/installerfiletakeover	Trust: 0.1
title:	InstallerFileTakeOver	url:	https://github.com/puckiestyle/installerfiletakeover	Trust: 0.1
title:	InstallerFileTakeOver	url:	https://github.com/cyb3rpeace/installerfiletakeover	Trust: 0.1
title:	Disclaimer Tools NOTES RESOURCES	url:	https://github.com/octoberfest7/tools	Trust: 0.1
title:	Disclaimer Tools NOTES RESOURCES	url:	https://github.com/octoberfest7/osep-tools	Trust: 0.1
title:	JustRepository	url:	https://github.com/dxnboy/redteam	Trust: 0.1
title:	shakeitoff	url:	https://github.com/jbaines-r7/shakeitoff	Trust: 0.1
title:	https://github.com/nitishbadole/oscp-note-3	url:	https://github.com/nitishbadole/oscp-note-3	Trust: 0.1
title:	OSCP Cheat Sheet	url:	https://github.com/eljosep/oscp-guide	Trust: 0.1
title:	Enumeración Metodologia WEB XXE Unrestricted File Uploads SNMP Enumeration WordPress SQLI Active Directory SMB RPC PORT FORWARDING GIT PORT KNOCKING Webs para practicar 03/02/2023 road to oscp official	url:	https://github.com/ly0nt4r/oscp	Trust: 0.1
title:	Awesome Hacking	url:	https://github.com/rohankumardubey/awesome-hacking	Trust: 0.1
title:	Awesome Hacking	url:	https://github.com/ghostxing/hacking	Trust: 0.1
title:	OSCP Cheat Sheet	url:	https://github.com/kgwanjala/oscp-cheatsheet	Trust: 0.1
title:	OSCP Cheat Sheet	url:	https://github.com/sirelmard/ethical_hacking	Trust: 0.1
title:	OSCP Cheat Sheet	url:	https://github.com/xhref/oscp	Trust: 0.1
title:	OSCP Cheat Sheet	url:	https://github.com/oscpname/oscp_cheat	Trust: 0.1
title:	OSCP Cheat Sheet	url:	https://github.com/0xsyr0/oscp	Trust: 0.1
title:	WindowsPrivilegeEscalation 2023 2022 2021 2020 2019 2018 2017 2016 2015 2014 2013 2012 2011 2010 2009 2008 2007 2006 2005 2003 2000	url:	https://github.com/ycdxsb/windowsprivilegeescalation	Trust: 0.1
title:	Known Exploited Vulnerabilities Detector	url:	https://github.com/ostorlab/kev	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/exploited-microsoft-zero-day-spoofing-malware/177045/	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/attackers-target-windows-installer-bug/176558/	Trust: 0.1
title:	The Register	url:	https://www.theregister.co.uk/2021/11/23/windows_lpe/	Trust: 0.1

sources: ZDI: ZDI-21-1308 // VULMON: CVE-2021-41379 // JVNDB: JVNDB-2021-004138 // CNNVD: CNNVD-202111-802

EXTERNAL IDS

db:	NVD	id:	CVE-2021-41379	Trust: 3.2
db:	ZDI	id:	ZDI-21-1308	Trust: 2.4
db:	JVNDB	id:	JVNDB-2021-004138	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-14616	Trust: 0.7
db:	CS-HELP	id:	SB2021110933	Trust: 0.6
db:	CNNVD	id:	CNNVD-202111-802	Trust: 0.6
db:	VULMON	id:	CVE-2021-41379	Trust: 0.1

sources: ZDI: ZDI-21-1308 // VULMON: CVE-2021-41379 // JVNDB: JVNDB-2021-004138 // CNNVD: CNNVD-202111-802 // NVD: CVE-2021-41379

REFERENCES

url:	https://www.zerodayinitiative.com/advisories/zdi-21-1308/	Trust: 2.4
url:	https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-41379	Trust: 1.7
url:	https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-41379	Trust: 1.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-41379	Trust: 0.8
url:	https://www.ipa.go.jp/security/ciadr/vul/20211110-ms.html	Trust: 0.8
url:	https://www.jpcert.or.jp/at/2021/at210048.html	Trust: 0.8
url:	https://vigilance.fr/vulnerability/windows-vulnerabilities-of-november-2021-36842	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021110933	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/59.html	Trust: 0.1
url:	https://www.theregister.co.uk/2021/11/23/windows_lpe/	Trust: 0.1
url:	https://github.com/alexandrvivanov/installerfiletakeover	Trust: 0.1
url:	https://threatpost.com/attackers-target-windows-installer-bug/176558/	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: ZDI: ZDI-21-1308 // VULMON: CVE-2021-41379 // JVNDB: JVNDB-2021-004138 // CNNVD: CNNVD-202111-802 // NVD: CVE-2021-41379

CREDITS

Abdelhamid Naceri

Trust: 0.7

sources: ZDI: ZDI-21-1308

SOURCES

db:	ZDI	id:	ZDI-21-1308
db:	VULMON	id:	CVE-2021-41379
db:	JVNDB	id:	JVNDB-2021-004138
db:	CNNVD	id:	CNNVD-202111-802
db:	NVD	id:	CVE-2021-41379

LAST UPDATE DATE

2024-07-25T04:13:20.915000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-21-1308	date:	2021-11-11T00:00:00
db:	VULMON	id:	CVE-2021-41379	date:	2023-12-28T00:00:00
db:	JVNDB	id:	JVNDB-2021-004138	date:	2021-11-15T08:53:00
db:	CNNVD	id:	CNNVD-202111-802	date:	2021-11-15T00:00:00
db:	NVD	id:	CVE-2021-41379	date:	2024-07-24T16:21:53.237

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-21-1308	date:	2021-11-11T00:00:00
db:	VULMON	id:	CVE-2021-41379	date:	2021-11-10T00:00:00
db:	JVNDB	id:	JVNDB-2021-004138	date:	2021-11-15T00:00:00
db:	CNNVD	id:	CNNVD-202111-802	date:	2021-11-09T00:00:00
db:	NVD	id:	CVE-2021-41379	date:	2021-11-10T01:19:32.127